-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Policy should label /root with one label and this should not be effected
by the passwd database.

In Fedora policy we label this as admin_home_t.  Having this label vary
depending on policy ends up with lines like

dontaudit * user_home_t:dir search_dir_perms
dontaudit * admin_home_t:dir search_dir_perms
dontaudit * sysadmin_home_t:dir search_dir_perms
dontaudit * staff_home_t:dir search_dir_perms

Labeling this directory as user_home_t, opens the system to possible
security risks since some domains have to be able to write to
user_home_t when they would never be allowed to write to admin_home_t.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklslqMACgkQrlYvE4MpobPY/ACdHitHOeU+c77VVePxkkTpmSsw
M2gAoJxZPlUKHJ3cL0zIb8fuHMq5VSRz
=LmKq
-----END PGP SIGNATURE-----